In python we have two modules we should learn for pentesting but also for coding purposes if we work with random values.

Example Situation:

Mike wants to make requests with a PHPSESSID as cookie, otherwise Recaptcha/Cloudflare blocks him. He knows that he can use requests with cookies but he needs to generates either a random value or he needs to use a permanent value.

Example Solution:

First of all we need to import important modules:

import requests
import random
import string
import ast

requests : Requests module for doing requests.
random : Random module for randomizing integers, characters and choices.
string : String module for all characters (ascii, digits, printable, punctuations..)
ast : Ast module for combining string with dictionaries.

def php_session(length):
out = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(length))
return out

We creating here a definition with the name php_session to return the out variable. The out variable is a for loop which will loop the times of the given length to choose random characters from the ascii and digits variable of strings.

An example will help you to understand this :

>>> string.ascii_lowercase
>>> string.digits

We add the two variables into one, but this is not necessary because random.choice will choose from these two variables it's random choice.

>>> string.digits + string.ascii_lowercase

>>> random.SystemRandom().choice(string.digits + string.ascii_lowercase)

Finally we add the join which will execute the for loop through the code for _ in range(length).

For example

>>> php_session(26)

We need now compile the values for the cookies dictionary:

cookies_temp = f"'PHPSESSID': '{php_session(26)}'"
cookies = ast.literal_eval("{"+cookies_temp+"}")

Here we use f for format instead appending .format at the end.

Usually PHPSESSID's are 26 characters long.

Finally we add our headers and requesting it:

headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8','Accept-Language': 'en-US,en;q=0.5','DNT': '1','Connection': 'keep-alive','Upgrade-Insecure-Requests': '1','Pragma': 'no-cache','Cache-Control': 'no-cache','TE': 'Trailers'}
response = requests.get('https://www.fakeaddressgenerator.com/US_Real_Random_Address', headers=headers, cookies=cookies)


That's the tutorial :)

Kush Bhargav Sah


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kush sah

#Appdeveloper, Game developer, web Developer willing to be an entrepreneur mining great ideas….connect with me on telegram:@Kushsah,Instagram:@kushbhargav